/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */
package com.mavenrentcars.controller;

import com.mavenrentcars.exception.ViewException;
import com.mavenrentcars.model.User;
import com.mavenrentcars.service.AccountService;
import java.io.IOException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.ui.ModelMap;

/**
 *
 * @author student
 */
@Controller
public class SecurityController {

    @Autowired
    protected HttpServletRequest httpServletRequest;
    @Autowired
    AccountService accountService;

    public static boolean isAjax(HttpServletRequest request) {
        return "XMLHttpRequest".equals(request.getHeader("X-Requested-With"));
    }

    @RequestMapping(value = "security_error.htm", method = RequestMethod.GET)
    public ModelAndView errorHandler(
            HttpServletRequest req,
            HttpServletResponse res) {

        ModelAndView mav;
        if (isAjax(req)) {
            mav = new ModelAndView("jsonView");

            mav.addObject("error", "access_denied");
            mav.addObject("res", false);
        } else {
            mav = new ModelAndView("account/login");
            mav.addObject("acc", accountService);
        }

        return mav;
    }

    @RequestMapping("login.htm")
    public ModelAndView loginHandler(
            HttpServletResponse httpServletResponse,
            @RequestParam(value = "email", required = true) String email,
            @RequestParam(value = "password", required = true) String password) throws IOException {
        User account = new User();

        ModelAndView mav = new ModelAndView("jsonView");

        try {
            account = accountService.getAccountByLogin(email);
            if (null == account) {
                throw new ViewException("Login not correct");
            }
            //String salt = cryptService.getSalt(account.getPassword());
            //String encryptedPassword = cryptService.cryptPassword(password, salt);
            String encryptedPassword = password;
            String accountPassword = account.getPassword();
            if (!accountPassword.equals(encryptedPassword)) {
                throw new ViewException("Password not correct");
            }
            accountService.setAuthentication(
                    account.getEmail(),
                    account.getPassword(),
                    account.getAuthorities());

            mav.addObject("res", true);

        } catch (ViewException ex) {
            mav.addObject("error", ex.getMessage());
            mav.addObject("res", false);
        }
        return mav;
    }

    @RequestMapping("logout.htm")
    public String logoutHandler(ModelMap model) {
        accountService.logout();
        return "redirect:/cars_list.htm";
    }
}
